mirrors/pocket-id
1
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2026-02-14 18:12:31 +00:00
Code Activity

feat: add CLI command for encryption key rotation (#1209)

Browse Source
This commit is contained in:
Elias Schneider
2026-01-07 09:34:23 +01:00
committed by GitHub
parent 5828fa5779
commit 2af70d9b4d
13 changed files with 340 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/internal/service/e2etest_service.go
View File

@@ -526,7 +526,7 @@ func (s *TestService) ResetAppConfig(ctx context.Context) error {
}
// Reload the JWK
if err := s.jwtService.LoadOrGenerateKey(); err != nil {
if err := s.jwtService.LoadOrGenerateKey(ctx); err != nil {
return err
}

14
backend/internal/service/jwt_service.go
View File

@@ -56,10 +56,10 @@ type JwtService struct {
jwksEncoded []byte
}
func NewJwtService(db *gorm.DB, appConfigService *AppConfigService) (*JwtService, error) {
func NewJwtService(ctx context.Context, db *gorm.DB, appConfigService *AppConfigService) (*JwtService, error) {
service := &JwtService{}
err := service.init(db, appConfigService, &common.EnvConfig)
err := service.init(ctx, db, appConfigService, &common.EnvConfig)
if err != nil {
return nil, err
}
@@ -67,16 +67,16 @@ func NewJwtService(db *gorm.DB, appConfigService *AppConfigService) (*JwtService
return service, nil
}
func (s *JwtService) init(db *gorm.DB, appConfigService *AppConfigService, envConfig *common.EnvConfigSchema) (err error) {
func (s *JwtService) init(ctx context.Context, db *gorm.DB, appConfigService *AppConfigService, envConfig *common.EnvConfigSchema) (err error) {
s.appConfigService = appConfigService
s.envConfig = envConfig
s.db = db
// Ensure keys are generated or loaded
return s.LoadOrGenerateKey()
return s.LoadOrGenerateKey(ctx)
}
func (s *JwtService) LoadOrGenerateKey() error {
func (s *JwtService) LoadOrGenerateKey(ctx context.Context) error {
// Get the key provider
keyProvider, err := jwkutils.GetKeyProvider(s.db, s.envConfig, s.appConfigService.GetDbConfig().InstanceID.Value)
if err != nil {
@@ -84,7 +84,7 @@ func (s *JwtService) LoadOrGenerateKey() error {
}
// Try loading a key
key, err := keyProvider.LoadKey()
key, err := keyProvider.LoadKey(ctx)
if err != nil {
return fmt.Errorf("failed to load key: %w", err)
}
@@ -105,7 +105,7 @@ func (s *JwtService) LoadOrGenerateKey() error {
}
// Save the newly-generated key
err = keyProvider.SaveKey(s.privateKey)
err = keyProvider.SaveKey(ctx, s.privateKey)
if err != nil {
return fmt.Errorf("failed to save private key: %w", err)
}

6
backend/internal/service/jwt_service_test.go
View File

@@ -38,7 +38,7 @@ func initJwtService(t *testing.T, db *gorm.DB, appConfig *AppConfigService, envC
t.Helper()
service := &JwtService{}
err := service.init(db, appConfig, envConfig)
err := service.init(t.Context(), db, appConfig, envConfig)
require.NoError(t, err, "Failed to initialize JWT service")
return service
@@ -65,7 +65,7 @@ func saveKeyToDatabase(t *testing.T, db *gorm.DB, envConfig *common.EnvConfigSch
keyProvider, err := jwkutils.GetKeyProvider(db, envConfig, appConfig.GetDbConfig().InstanceID.Value)
require.NoError(t, err, "Failed to init key provider")
err = keyProvider.SaveKey(key)
err = keyProvider.SaveKey(t.Context(), key)
require.NoError(t, err, "Failed to save key")
kid, ok := key.KeyID()
@@ -93,7 +93,7 @@ func TestJwtService_Init(t *testing.T) {
// Verify the key has been persisted in the database
keyProvider, err := jwkutils.GetKeyProvider(db, mockEnvConfig, mockConfig.GetDbConfig().InstanceID.Value)
require.NoError(t, err, "Failed to init key provider")
key, err := keyProvider.LoadKey()
key, err := keyProvider.LoadKey(t.Context())
require.NoError(t, err, "Failed to load key from provider")
require.NotNil(t, key, "Key should be present in the database")

2
backend/internal/service/oidc_service_test.go
View File

@@ -160,7 +160,7 @@ func TestOidcService_verifyClientCredentialsInternal(t *testing.T) {
mockConfig := NewTestAppConfigService(&model.AppConfig{
SessionDuration: model.AppConfigVariable{Value: "60"}, // 60 minutes
})
mockJwtService, err := NewJwtService(db, mockConfig)
mockJwtService, err := NewJwtService(t.Context(), db, mockConfig)
require.NoError(t, err)
// Create a mock HTTP client with custom transport to return the JWKS